When is a cyber-attack not an attack?

The Impact of Website Hacking

When is a cyber-attack not an attack? An interesting conundrum, but one that many website owners are beginning to consider thanks to a new wave of cyber-crime that is sweeping the internet. We have covered a number of topics through the Digital Pathways blogs that deal with the obvious repercussions of a hack or cyber-attack. When it comes to the Risks of Ransomware for instance, the dangers are obvious, namely the encryption of your data by a hacker who then blackmails you for its return. Targeted phishing too has quite evident consequences, with the release of malware onto a network that subsequently leaks your important data. Website hacking in contrast is not a denial of service attack. In fact, you might not even know you’ve been hacked.

Effectively, what is happening is a version of Search Engine Optimisation (SEO), a service you may well have heard of and may even be paying for. Unfortunately, in this instance, it isn’t your search ranking that is benefitting. The hacker instead finds a weakness in your website’s code and exploits it to gain access. Off the shelf plugins, such as WordPress, are particularly vulnerable to this, especially if not regularly patched with the latest updates. Once inside, the hacker will then look to create what is known as a relay server. This allows them to send emails from your website that aren’t actually from you.

This opens up numerous opportunities for the hacker. As far as the SEO side is concerned, they are able to incorporate backlinks into your website that will link users to another website. Backlinks are something that can highly influence your search engine ranking, meaning that just by a user visiting your website, the hacker could potentially be raising the ranking of their own site too. The introduction of the relay server also allows them to send out spam emails that may contain malicious files, or again links to a website that they own. These emails will appear to come from you, making you seem like the spammer, or even the criminal, if malware is released onto someone else’s system.

The problem with this particular brand of hacking isn’t just the effect it can have on your website and reputation, but how difficult it is to detect. It isn’t as obvious as other forms of attack, where hackers will look to block your access to information, or release a virus onto your system. Instead, the process can be undertaken quietly and tactfully without arousing suspicion, until of course it is too late.

So what can be done to protect against this particular brand of cyber-crime? As was touched on earlier, keeping your website updated is a must. If you are using WordPress or something similar, then make sure that patches are regularly added, either by yourself or your developer. These patches are developed for a reason; to fix any weaknesses that have been found that can be exploited by those with malicious intent. As well as this, introducing logging to your website can also reduce the risks. By regularly monitoring activity through the logs that are created, you can quickly identify anything out of the ordinary and act swiftly to it.

If you are worried about the security of your website, or fear that it might already have been hacked, then call Digital Pathways today and let our team help you keep your online presence safe. Call us on 0844 586 0040

What the GDPR means for businesses
Comms Business Award - Channel Product of the Year - Software 2016